According to a recent report by the BSA software alliance, use of unlicensed software is down slightly, but remains widespread. Globally, BSA estimates 37 percent of installed software is unlicensed. Software manufacturers take an active role pursuing licensing to the chagrin of some thought leaders in the IT profession—who have referred to software licensing audit practices as an “aggressive shakedown” carried out with “egregious” tenacity.
In any regard, if you’re a business that buys software licensing you need to be ready for an audit even if you’re not pirating. That’s because many honest companies have been subject to violations and fines because they unwittingly under-license software, or handle their licensing procedures incorrectly. In short, failure to plan, document, and organize leaves you subject to fines.
How often are businesses subject to audits by software companies?
Microsoft typically audits Volume Licensing customers once every three or four years, says Daryl Ullman of Emerset Consulting Group. You could be doing everything correctly with your software asset management, but eventually Microsoft gets around to checking that licensing is copacetic with your software usage. Routine checks are now the modus operandi for software companies, and are also conducted by industry watchdogs like BSA. So when it’s your time, it’s your time.
Between the routine checks, there are several behaviors companies typically engage in that trigger software audits.
All software audits have one thing in common
The first step that triggers any software audit is when you buy business software legitimately in the first place. You might say buying the software to begin with is what triggers every audit that follows afterward.
Often licensors may take into consideration purchasing history when deciding whether to pursue a software audit later. For instance, if you suddenly renew fewer licenses than what was purchased in years past, the reviewer will wonder how your business is continuing to operate without its usual toolset. Another suspicious activity that draws attention is quick, sneaky removal of software from servers. Usually this occurs in the wake of a notice sent by a software vendor, or perhaps one of their consultants, or a BSA representative.
What not to do if you receive audit correspondence
Obviously, surreptitiously removing unlicensed software after an audit letter is an unadvisable behavior. But do not think that the opposite is OK and embark on a software license buying spree as a break-fix measure. This is not the correct course of action. It will not rectify the situation, nor will it make the audit go away. Auditors will find out about noncompliant use of software anyway.
Changes in your IT infrastructure may trigger suspicions
Making changes to your physical IT environment can trigger a software audit. For example, when a company upgrades server hardware, they probably add to the total number of processor cores in their data center. If that data center serves applications using Windows Server 2016, the licensing requirement is tied to the number of cores in the server CPU. So any time Microsoft learns that you’ve spun up new server hardware on premises, that’s going to be of interest to whomever is reviewing the licensing. Any time a business upgrades hardware, it’s a convenient time to see if your licensing covers the new build-out.
Other software, like an Oracle database, ties licensing to physical processor cores as well. Additionally, with this software, if you start virtualizing your servers, Oracle License Management Services (LMS) get touchy if it sees its customers using VMware vSphere. That is due to this hypervisor’s predictive workload balancing features, which may cause database workloads to accidentally run on an unlicensed host server unless configurations are set specifically to avoid this.
Growth and other changes to your business may be a software audit trigger
If your company was recently part of a merger or acquisition, that tends to pique the interest of software licensors, says Richcard Spitoven of B-lay License Management Company. Usually M&A activity is accompanied by personnel and infrastructure shake-ups, and it’s a convenient time to check if licensing still aligns with usage.
Similarly, if a company undergoes any dramatic growth over a short period of time, that may trigger a software audit. Software companies are smart and realize when a business scales up, so do their licensing requirements. It makes sense that software makers watch licensee headcount to make sure licensing purchases line up properly with personnel changes. If your company size and scope blatantly exceeds the licensing that you’ve purchased, that is something software companies will look into.
If you purchase Microsoft Licensing through an Enterprise Agreement, you’re subject to an annual True Up. This is a company’s opportunity to square up with Microsoft, aligning growth with any extra licensing you may need. A Zero Sum True Up form usually includes other questions about your inventory and headcount. If your responses do not jive with your licensing claim, you might expect a software audit to follow.
It’s dangerous to go alone!
A small- to medium-sized business usually doesn’t have the expertise in house to adequately steer you away from behaviors that trigger software audits. If you’re confused or made anxious by the complexities of Microsoft licensing, you’re not alone—we are happy to help you sort out your needs and stay compliant.
Reach our licensing experts during regular business hours Monday-Friday: firstname.lastname@example.org or call 888-482-6678.
In any case, if you’re a business licensing software you should expect to be audited eventually even if you’re reporting correctly. For Microsoft, Oracle, and virtually every company that licenses software, audits generate revenue. In large part, avoiding fines resulting from a software audit means keeping your hardware inventory maintained up to date. Also, it’s critical to use Active Directory or authentication software for managing user access to licensed software.